[erlang-questions] Malformed countryName in x509 certs + public_key
Mon Jun 2 23:28:44 CEST 2014
I'm working on an Erlang project that entails controlling some
devices that expose a SOAP api. The device manufacturer made a
mistake and shipped the devices with a cert where the countryName
field in the cert subject is three characters long.
Even with verification disabled via ssl options, we get a crash while
parsing the cert (this stack with with R15B01 but I get the
same results with 17)
So presumably the cert runs afoul before the normal verification
steps, and disabling verification doesn't help.
Normally it wouldn't be a big deal to replace these certs, but there
are a bunch of them and the process entails an interruption of
service on the device, so I'm hoping to find a workaround.
One option would be to modify public_key to accept the three byte
value until we can get the certs rotated- I've experimented with
modiying PKIX1Explicit88.asn1 and recompiling with asn1ct, but I am
totally clueless in this area and suspect I may be on a fools errand :)
Anyhow- my purpose in mailing the list was to see if any other erlang
users have run into a similar predicament, and to see if you found a
good strategy for working around it.
Thanks in advance!
More information about the erlang-questions